Talk Is Cheap

While many businesses recognize the value of protecting themselves from potentially disastrous security incidents, they fall short in their attempts to do so.

Mar 28th, 2012

By MIKE SCHMIDT, Associate Editor, Manufacturing Business Technology

It is clear companies of all types and sizes consider security to be a high priority in today’s increasingly tech-oriented business climate. And it’s no surprise why. Cloud computing has become more widely adopted and complex, mobile devices of all types now populate the workplace, and companies continue to work to leverage technology to meet their ever-changing business needs.

But there’s a downside -- namely new and increasing security threats and vulnerabilities. However, while many businesses recognize the value of protecting themselves from potentially disastrous security incidents, they fall short in their attempts to do so.

Recent research conducted by The Computing Technology Industry Association (CompTIA) found seven out of 10 organizations rate security as a high priority, compared to 49 percent in 2010. Meanwhile, one in three or four organizations experienced a security incident in 2011, with about half of them being considered serious.

The aforementioned statistics are especially alarming when one also considers other CompTIA findings. For instance, approximately 40 percent of organizations are dealing with significant or moderate expertise gaps among the members of their information technology (IT) staff. Furthermore, only about 29 percent of organizations report conducting a heavy review of their cloud service providers’ policies, procedures and capabilities. This suggests a significant number of them simply aren’t equipped to deal with security threats. And according to CompTIA’s vice president of research, Tim Herbert, there’s one main reason why.

“One of the patterns we’ve seen for quite awhile is that most companies rely on general IT staff to also manage the company’s security policies and security implementations,” says Hebert. “With the growing sophistication in certain areas of security threats, it is no longer something a generalist can adequately handle.”

The CompTIA data also suggests companies are also struggling to find outside help to deal with their security concerns, as about 50 percent of organizations report facing challenges in hiring IT specialists. In an age where organizations are transitioning from a low-risk use of cloud computing to a more mission-critical use, that’s a problem.

According to CompTIA, system downtime of cloud providers, data exposure during transfers between on-premise and cloud systems, and the physical security of cloud data centers and data segregation in a multi-tenant environment should be of the utmost concern to business organizations and their IT staffs.

And yet, three in four report they lack the proper knowledge regarding their cloud service providers’ policies, procedures and capabilities.

Yes, businesses say security is a top priority. However, their actions indicate otherwise. It makes little sense to invest in a technology to improve business capabilities, but fail to spend the necessary time, effort and money to support that technological investment. So why do businesses and organizations fall short? Hebert offers one explanation.

“Cloud and mobility and data and social, they aren’t new. But companies are moving more critical systems, and they are using these technologies in ways they may not have used them a year or two ago,” he says.

This has led to more data and complexity, and companies are unable to adequately adjust and make that data useable.

“For the most part, a lot of companies are still just wrapping their arms around what they have,” says Hebert.

Well, it is clear that approach isn’t working. Companies need to take more aggressive steps to protect themselves from security threats -- whether it’s closely studying their cloud provider, gaining a better understanding of their business data or considering an investment in outside security services. The increased use of technology in the workplace, and the ever-increasing number and complexity of security incidents is evidence that talking tough simply isn’t enough anymore.